On Sun, 2008-12-28 at 00:22 -0500, Jeremy Shaw wrote:
> At Sat, 27 Dec 2008 22:41:58 -0600,
> brian wrote:
> >
> > On Sat, Dec 27, 2008 at 8:01 PM, Jeremy Shaw <jeremy at n-heptane.com> wrote:
> > > The problem with that function is that chroot affects the root of the
> > > whole process.
> >
> > Yeah. Maybe you want privilege separation. Instead of starting a
> > thread to do the stuff that requires extra authority, make it a
> > separate program and communicate with it with some simple protocol.
> > qmail might be good to look at to get the intuition.
>> In my case, it's not really a privilege / authority issue -- the goal
> is to be able to build chroot's to simulate different environments and
> then run code and applications in those environments. The primary use
> right now is an automated build system.
What I've been considering for Cabal is a restricted IO monad. It would
provide a bunch of the standard IO primitives for working with files and
processes. Once we're using such a thing instead of IO directly then it
is relatively easy to support a local/virtual working directory or
indeed checking to support something like chroot. Indeed there are lots
of things that can be added including logging, interactive debugging
etc. I've been considering doing it in the style where the restricted IO
monad generates a data structure with embedded continuations. The data
structure is then interpreted to get real IO. Changing the interpreter
allows for lots of different capabilities.
As Lane pointed out, how hard this is depends on how many primitive
operations you need.
Duncan